NetApp hosting SCCM Content Source – A Do Not Thing

I’ll get it out there – I’m not a big fan of NetApp. Why? I’ve never been with an installation where I haven’t seen any problems. And they have always affected me. In a bad way that is.

With that out of the way I want to share something that I ran into today at a customer site. During a new installation of ConfigMgr 2012 R2 we are planning for quite the amount of content. All of out site servers will be VMs in different datacenters around the globe.

In the datacenter that our Primary Site server and later on our CAS the storage team uses NetApp. There for it was a quite natural thing to use for us to use for our Content Source (not the Content Library). It should also have some benefits while operators in other parts of the world would sync their local source to our central source and so on.

It didn’t work out as well as we hoped however.

When we got the network share from the storage team we were happy that we without a problem could delegate NTFS permissions to the computer account in Active Directory. Yey!

When then copied our source for our first Application to the share and created the Application with its Deployment Type (of the type Script Installation). All running fast and smooth.

The problem started however when it was time to distribute the content. It got stuck in “Failed” state.

Opening the log showed us that the Site Server were unable to find (or rather access) the path.

NETAPP ERROR 1808

We could read “the source directory {PATH} doesn’t exist or the SMS service cannot access it, Win32 last error = 1808”. Using the command “net helpmsg 1808” translated the error code to “The account used is a computer account. Use your global user account or local user account to access this server.”.

In other word, the NetApp solution does not allow us to access the share using the computer account.

After some investigation, it looks like it can be a missing SPN in Active Directory for the NetApp OR a missing (falsely set) setting in NetApp. At the time of writing this post we have yet to find a solution however. I’ll update the post when it is found.

 

 

/Tim

About The Author

Tim Nilimaa is a consultant with Lumagate in Sweden. He has been working with Configuration Manager for 8 years. His knowledge has been selected as a speaker at many events among them Microsoft Management Summit.

7 Comments

  1. Frank Urena says:

    Hi. I am running into the same problem. Any update?

    Reply
  2. Tim says:

    @Frank Urena
    We were missing a SPN for the NetApp-host, however due to the many different forests we went with a iSCSI disk from the NetApp to a VM that shared the disk to the ConfigMgr-server using a DFS share instead.

    Reply
  3. Vishnu says:

    I am running withe same error but the Error is 3 ” which path could not be found” ..

    Can some one help me with this ??????

    Reply
  4. vishnu says:

    The source directory \\\Dir$\Apps\Software doesn’t exist or the SMS service cannot access it, Win32 last error = 3

    Failed to take snapshot of one or more contents in package

    Failed to process package after 41 retries, will retry 59 more times

    Can some one help on this issue ???

    Reply
  5. surf2fast says:

    Symptoms access problems on (Netapp) shares using system account
    Error message:

    System error 1808 has occurred.
    The account used is a computer account. Use your global user account or local user account to access this server.

    A packet trace of the failure will show the error as:

    STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (0xC0000199)

    Cause
    Microsoft has changed the functionality of how a Local System account identifies itself during NTLM authentication. This only impacts NTLM authentication. It does not impact Kerberos Authentication.

    Solution
    On the host (client), please set the following group policy entry and reboot the host.

    Network Security: Allow Local System to use computer identity for NTLM: Disabled

    Defining this group policy makes Windows Server 2008 R2 and Windows 7 function like Windows Server 2008 SP1.

    http://technet.microsoft.com/en-us/library/jj852275.aspx

    Reply
  6. surf2fast says:

    We had the same problem. Set de correct credentials for the computer object on the share/NTFS. And set NTLN on disabled in the local policy on the SCCM server(s). See last post.

    Tada: works!

    Reply
    • adam says:

      Surf2fast…

      Did you set this policy on the sccm site server or on the distribution point?

      Reply

Leave A Reply